Acunetix - Cross site scripting (content-sniffing)
| Field | Value |
|---|---|
| Target URL | https://egov.quangnam.gov.vn |
| Severity | Medium |
| Affects | https://egov.quangnam.gov.vn/oauth/ |
Attack Details
This type of XSS can only be triggered on (and affects) content-sniffing browsers, i.e. browsers that guess the MIME type of a response instead of honouring the declared Content-Type.
URL-encoded GET input `code` was set to `1'"()&%`
HTTP Request
```http
GET /oauth/?code=1'"()%26%25<acx><ScRiPt%20>4RRG(9350)</ScRiPt> HTTP/1.1
Referer: https://egov.quangnam.gov.vn/
Cookie: connect.sid=s%3AtfxSYpXxyAkMnHmZIPw5zMeav79wN426.um3PKLwnU5j8DPUWT7VHpA8wYcbTCFbpZe1z9Ul5hNg
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: egov.quangnam.gov.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
```
Vulnerability Description
This script is possibly vulnerable to Cross-Site Scripting (XSS) attacks.
Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know whether the script should be trusted, it executes the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to deceive a user and gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Remediation
Your script should filter metacharacters from user input and encode output for the context in which it is rendered. Because this variant depends on content sniffing, the response should also declare an explicit `Content-Type` with a charset and send `X-Content-Type-Options: nosniff` so the browser does not guess the MIME type of the reflected content.
References
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
The Cross Site Scripting Faq
XSS Filter Evasion Cheat Sheet
Cross site scripting
OWASP PHP Top 5
[How To: Prevent Cross-Site Scripting in ASP.NET](https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff649310(v=pandp.10))